Many consumers are privy to login details of friends, family, and work colleagues

Aug 20, 2014 09:54 GMT

Enabling the “remember me” or “keep me signed in” option for online accounts could pose a security risk to users, as it may be leveraged by cybercriminals to reach sensitive information.

In a recent study conducted by Intercede, a company providing identity and credential management software, it was discovered that the convenient feature of staying logged into an online account for quick connection to the service could serve as a backdoor entry for threat actors.

The research, carried out on 2,000 consumers, showed that 75% of the subjects using social media applications and email were logged in at all times on their mobile device.

Although this has a high degree of convenience when using the services, it also puts sensitive information at risk if the mobile device falls into the wrong hands.

“Keeping your Facebook, Gmail, shopping and financial accounts automatically logged in might be convenient for consumers, but it’s leaving the back door wide open to hackers,” says Intercede’s Richard Parris.

The research revealed that 37% of those using Amazon and other shopping sites had the automatic login feature enabled. With mobile banking services, 23% of users resorted to the same practice, while in the case of PayPal the figure was 27%.

Parris says that even if consumers are more careful about staying logged in to online banking services, crooks do not need access to the bank account to steal the user’s identity.

An email address is generally a sufficient starting point for gathering more information about the target, but the cybercriminals’ effort is reduced if they gain access to the email account itself, as they can work their way from there to compromising other accounts.

The study also found that consumers often shared PIN codes and passwords with friends and colleagues. A total of 28% of the individuals questioned for the research admitted to knowing the login details for the mobile devices of family members, friends, and even colleagues at work.

The risk of identity and data theft is increased by the fact that many consumers are automatically signed into accounts on multiple devices.

Parris calls for a change in the way users log into their accounts, with stronger authentication and more sophisticated forms of identity being part of the solution.

“As we live more and more of our lives online, all our various digital identities need to be effectively protected – worryingly, it appears that this is not the case at the moment,” he says.